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(57) Abstract 

This application discloses a method for restricted electronic transmission of information including the steps of encrypting information 
(#26) using a public key portion (#22) of a private/public key, transmitting the information following encrypting thereof over a medium 
which may be non-secure, receiving the information, following transmission thereof, at an output device (#14) in encrypted form, decrypting 
the information, received in encrypted form, at the output device using a private key portion (#20) of the private/public keyfand following 
decryption in the output device, outputting the information (#28) in non-encrypted form. A system for restricted electronic transmission of 
information is also disclosed. 
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ELECTRONIC PUBLISHING 
FIELD OF THE INVENTION 
The present invention relates to publishing and more particularly to electronic 
publishing. 

BACKGROUND OF THE INVENTION 

Electronic publishing which has seen a substantial increase in popularity with the 
advent of the Internet, has encountered a serious problem of unauthorized publication 
over the Internet. Although copyright laws prohibit such unauthorized publications and 
downloads, in practicality, it is impossible to enforce copyright effectively in respect of a 
work which has been published on the Internet for unrestricted download. 

Various techniques have been proposed for protecting electronically published 
materials. One example of such a technique appears in U.S. Patent 5,509,074 entitled 
"Method of protecting electronically published materials using cryptographic protocols". 
U.S. Patent 5,509,074 describes two alternative techniques for restricting the printing or 
display of electronically distributed publications. 

A first technique calls for encryption and decryption using a secret key that is 
known only to the publisher and is also embedded in the printer or other output device. 
This technique has the disadvantage that it requires that each publisher transmit to a 
single printer or other output devices or that multiple publishers seeking to transmit to 
the same printer or other output device share a single secret key. 

The second technique uses the secret key to convert the published material to a 
decrypted, bit-mapped representation of the material which includes information enabling 
the decrypted representation to be traceable to a user. This second technique has the 
disadvantage that it provides inadequate security, since bit-mapped representations may 
be reconverted into clean unencrypted form using conventional OCR techniques and the 
traceability can thus be defeated. 
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SUMMARY OF THE INVENTION 

The present invention seeks to provide a method and system for providing secure 
electronic publishing which overcome limitations of the prior art. 

There is thus provided in accordance with a preferred embodiment of the present 
invention a method for restricted electronic transmission of information including the 
steps of encrypting information using a public key portion of a private/public key, 
transmitting the information following encrypting thereof over a medium which may be 
non-secure; receiving the information, following transmission thereof, at an output 
device in encrypted form; decrypting the information, received in encrypted form, at the 
output device using a private key portion of the private/public key, and following 
decryption in the output device, outputting the information in non-encrypted form. 

There is also provided in accordance with a preferred embodiment of the present 
invention a method for restricted electronic transmission of information including the 
steps of encrypting information, transmitting the information following encrypting 
thereof over a medium which may be non-secure; receiving the information, following 
transmission thereof in encrypted form, at a computer which is only able to decrypt the 
information when that computer is connected to a specific output device; decrypting the 
information, received in encrypted form, at the computer when connected to the specific 
output device; and following decryption, outputting the information in non-encrypted 
form at the output device. 

Alternatively or additionally, decryption of the encrypted information at the 
computer connected to the specific output device is enabled by a preliminary decryption 
of the encrypted information by a secret key that is delivered to the computer 
subsequently to the transmission of the information. 

Preferably the encrypting step includes two encryption steps, one encryption step 
using a public key and another encryption step using a secret key and wherein the 
decrypting step includes two decryption steps, one decryption step using the secret key 
and the other decryption step using a private key embedded in the output device and 
corresponding to the public key. 
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The secret key may be transmitted prior to, during or subsequently to the 
transmitting step. 

Preferably, there is also provided the step of selectably formatting the information 
before or after the first decryption step and prior to the second decryption step. 

In accordance with a preferred embodiment of the present invention, the another 
encryption step includes a plurality of separate encryption steps for separate portions of 
the information. 

There is also provided in accordance with a preferred embodiment of the present 
invention a system for restricted electronic transmission of information comprising: 

a public key encryptor, encrypting information using a public key portion of a 
private/public key, 

an information transmitter, transmitting the information following encrypting 
thereof over a medium which may be non-secure; 

a customer site receiver, remote from the encryptor, receiving the information, 
following transmission thereof, at an output device in encrypted form; 

a decryptor, decrypting the information, received in encrypted form, at the output 
device using a private key portion of the private/public key. 

There is additionally provided in accordance with a preferred embodiment of the 
present invention a "system for restricted electronic transmission of information 
comprising: 

an encryptor for encrypting information; 

a transmitter, transmitting the information following encrypting thereof over a 
medium which may be non-secure; 

a receiver, remote from the encryptor, receiving the information, following 
transmission thereof in encrypted form, at a computer which is only able to decrypt the 
information when that computer is connected to a specific output device; and 

a decryptor, decrypting the information, received in encrypted form, at the 
computer when connected to the specific output device. 

Preferably, the encryptor is operative to carry out two encryption steps, one 
encryption step using a public key and another encryption step using a secret key and 
wherein the decryptor is operative to carry out two decryption steps, one decryption step 
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using the secret key and the other decryption step using a private key embedded in the 
output device and corresponding to the public key. 

In accordance with a preferred embodiment of the invention, there is also provided 
a computer for selectably formatting the information prior to decrypting thereof. 

There is preferably also provided a customer site unit useful in any of the methods 
or systems described above and including an output device having, embedded therein the 
private key. 

BRIEF DESCRIPTION OF THE DRAWINGS 

The present invention will be understood and appreciated more fully from the 
following detailed description, taken in conjunction with the drawings in which: 

Fig. 1 is a simplified functional block diagram illustration of a method and system 
for restricted electronic transmission of information constructed and operative in 
accordance with a preferred embodiment of the present invention; 

Fig. 2 is a simplified functional block diagram illustration of an alternative method 
and system for restricted electronic transmission of information constructed and 
operative in accordance with a preferred embodiment of the present invention; 

Figs. 3A, 3B, 3C, 3D and 3E are illustrations of one mode of operation of the 
method and system of Figs. 1 & 2; 

Fig. 4 is a simplified functional block diagram illustration of another method and 
system for restricted electronic transmission of information constructed and operative in 
accordance with a preferred embodiment of the present invention; and 

Figs. 5A, 5B, 5C, 5D and 5E are illustrations of the operation of the method and 
system of any of Figs. 1 - 4 in accordance with another embodiment of the present 
invention. 

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS 
Reference is now made to Fig. 1, which is a simplified functional block diagram 
illustration of a method and system for restricted electronic transmission of information 
constructed and operative in accordance with a preferred embodiment of the present 
invention. 
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In the embodiment of fig. 1, a clear, ready-for-print information file, such as a 
book file 12, in a standard file format, such as Postscript or PDF, is stored in a 
publisher's database. An output device 14, located at a customer's premises, remote from 
the publisher, typically includes a printing subsystem 16, such as a postscript HP Laser 
Jet printer and a processor 18, which may be a personal computer or any other suitable 
processor, or processor functionality which is incorporated in a processor present in the 
printing subsystem 16. 

A private key 20, forming part of a private/public key encryption/decryption 
system, such as that available from RSA Inc. and described at www.rsa.com, is 
embedded in the output device 14, in a manner such that it cannot be accessed by any 
user, including the customer. The private key 20 is preferably embedded in the printing 
subsystem, but may alternatively be embedded in any other suitable portion of the output 
device 14. 

In accordance with an alternative embodiment of the present invention, the printing 
subsystem 16 may be replaced by any other suitable type of output subsystem, such as a 
viewing subsystem, such as a display, or an audio annunciator subsystem, such as a 
speech generator. As a further alternative, the output device 14 may include more than 
one output subsystem of the type described hereinabove. 

Associated with the private key embedded in the output device is a known public 
key 22 which is typically specified on the output device 14 or available on machine 
readable media. Alternatively or additionally, the public key 22 may be made readily 
available, i.e. as through posting on the Internet, to anyone who enters the serial number 
of the output subsystem, such as a printer. 

When a customer wishes to order an electronic copy of a book or other 
information, the customer places an order with the publisher or the publisher's 
distributor. The order normally includes the standard billing information, such- as- a credit 
card number and a signature and the public key or information, such as the serial number 
of the printer, enabling the publisher to readily obtain the public key. 

The publisher, using a computer 24, encrypts the clear file 12, using the public key 
and a conventional encryption engine which is commercially available from RSA Inc., 
thus providing an encrypted file 26. The encrypted file is communicated to the customer's 
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output device 14 via E-mail, FTP or any other suitable media, which may not be secure 
and is received at processor 18. The processor employs the embedded private key 20 to 
decrypt the received encrypted file and then sends the decrypted information via the 
internal circuitry 28 of the output device 14 to the printing subsystem 16 and/or other 
output subsystem for output to the customer. It is appreciated that the circuitry. 28 must 
be secure from customer access in order to preserve security. 

Reference is now made to Fig. 2, which is a simplified functional block diagram 
illustration of an alternative method and system for restricted electronic transmission of 
information constructed and operative in accordance with a preferred embodiment of the 
present invention. The embodiment of Fig. 2 is similar to that of Fig. 1, except in that the 
public key 22 is not transmitted by the customer to the publisher. Instead, the serial 
number 30 of the output device 14 or of the output subsystem 16 is transmitted via 
circuitry 36 and used to find the public key in a public key director 32. The remainder of 
the system and method of Fig. 2 is identical to that of Fig. 1. 

In accordance with another embodiment of the present invention, the methods and 
systems of Figs. 1 and 2 may be operated so as to provide double encryption of the file 
12. In addition to the encryption described hereinabove, the file may be encrypted 
additionally using a random symmetrical key selected by the publisher and kept secret by 
the publisher. The double encrypted file is then transmitted to the customer who cannot 
use it until he receives from the publisher, the secret second key used in the second 
encryption. 

When the customer completes a purchase transaction, which may take place 
following transmittal of the file to the customer, the publisher communicates the secret 
second key to the customer, enabling him to decrypt the second encryption, typically 
using an ordinary computer which is used for receiving the encrypted file and is external 
to the output device. That "computer will then send the decrypted information to the 
processor 1 8 of the output device, for the second decryption. 

The methodology described hereinabove may be visualized by reference to Figs. 
3A, 3B, 3C, 3D and 3E. Fig. 3A illustrates the clear file, here designated 42, Fig. 3B 
shows a first encryption 44, typically using the public key as described in hereinabove 
with reference to Figs. 1 & 2. Fig. 3C shows a second encryption 46. Upon carrying out 
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of the first decryption, typically in an ordinary PC that is external to the output device, 
the remaining file is still encrypted with the public key as shown in Fig. 3D. Upon further 
decryption using the private key, a clean file is provided, as seen in Fig. 3E. 

Reference is now made to Fig. 4, which is a simplified functional block diagram 
illustration of another method and system for restricted electronic transmission of 
information constructed and operative in accordance with a preferred embodiment of the 
present invention; 

The method and system of Fig. 4 may be similar to that of Fig. 2 at the publisher 
side, except that the first encryption is done with a symmetric key that is provided by the 
customer upon ordering, and not with a public key, and the second encryption is done 
with a random symmetric key that is unknown at the customer side. On the customer 
side, in the embodiment of Fig. 4, the output device 56 may be any conventional output 
device, and does not require any hardware modification whatsoever, provided that the 
output device has the facility of being able to communicate its serial number upon 
interrogation by a computer coupled thereto. This feature is now conventional in various 
printers, such as HP LaserJet series 5 printers available from Hewlett-Packard. 

The customer may employ, for the first decryption of the decrypted information 
(stepping from Fig. 3C to Fig. 3D) and for formatting the encrypted information, a 
conventional PC including a display 52 and a processor and printer driver 54. 

One of the present inventors has developed a technique whereby formatted 
alphanumeric text, such as RTF test in Windows, can be encrypted in such a way that the 
encrypted text preserves the format and text attributes of the original text. This technique 
is described and claimed in PCT Application PCT/IL96/00088, filed August 26, 1996, 
published as WO 97/09817 on March 1, 1997, the disclosure of which is hereby 
incorporated by reference. 

It is appreciated that both the first and the second encryptions can be done while 
preserving the format of the original text. Moreover, the encrypted text can be 
reformatted while being encrypted, changing margins, line separations, font type and font 
size, for example. If a publisher chooses to encrypt the text in a way that preserves its 
format, then the customer can reformat the text to its needs without decrypting it, thus 
preparing it for printing in a desired format. 
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When a customer wishes to order an electronic copy of a book or other 
information, the customer places an order with the publisher or the publisher's 
distributor. The order normally includes the standard billing information, such as a credit 
card number and a signature and the serial number of the output device, the printer or 
other output subsystem. The. encryption is carried out by any suitable file encryption 
software using a key that does not have to be secret, inasmuch as the key is not sufficient 
for decryption. A preferred file and text encryption software package is commercially 
available from Aliroo Ltd. of Israel under the trademark PrivaSuite. 

The publisher, using a computer 54, encrypts the clear file 62. The encryption is 
carried out by any suitable file encryption software using a key that does not have to be 
secret, inasmuch as the key is not sufficient for decryption. A preferred file encryption 
software package is commercially available from Aliroo Ltd. of Israel under the 
trademark PrivaSuite. The encrypted file 66 is communicated via E-mail, FTP or any 
other suitable media, to the customer's computer 68, where it can be reformatted and 
decrypted and sent to the output device SO. 

The processor 68 polls the output device 56 for the known serial number thereof 
or for a secret serial number that is embedded therein and uses that number to decrypt 
the file using suitable decryption software, preferably PrivaSuite. The decrypting 
software does not accept the decryption key from any source other than a serial number 
reported by the output device 50. 

In accordance with a preferred embodiment of the present invention, the output 
device 50 includes a built-in software protection dongle 70, such as a dongle 
commercially available from Aladdin or Micro-Macro, which is logically interconnected 
between the processor 68 and the output subsystem. 

The embodiment of Fig. 4 has the advantage that it enables the received 
information: to be displayed on the screen and formatted by a customer, using-standard 
formatting software such as Acrobat by Adobe, in order to determine the font size, the 
pages to be printed, the margins and similar parameters. Printing of the information is 
only permitted by means of the print driver which is written to send the file only to a 
printer that suitably identifies itself and, if a dongle is provided, presents the dongle key 
which corresponds to the printer. 
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The embodiment of Fig. 4 does not require any change in the design of the printer 
but does have a cryptographic weakness in that the output connection from the 
. processor and printer driver, indicated by reference numeral 84 is accessible. If the data 
can be recorded from the output connection 84, the cryptographic protection is 
overcome. 

Reference is now made to Figs. 5A, 5B, 5C, 5D and 5E which are illustrations of 
operation of the method and system of any of Figs. 1 - 4 in accordance with an additional 
embodiment of the present invention. A document 88 is shown to have a table of 
contents 90 and typically three chapters, A, B and C, indicated by respective-reference 
numerals 92, 94 and 96. The document can be distributed and licensed in accordance 
with any of the methods described above and using any of the systems described 
hereinabove. 

Thus, each of chapters A, B and C can be identically encrypted as by the 
publisher's computer 12 (Fig. 1) with a public key as described hereinabove. The thus 
encrypted file, wherein a portion thereof, such as the table of contents 90 is typically not 
encrypted, is shown at reference numeral 100. This encryption is illustrated by frames 
102 formed about each of chapters 92, 94 and 96. 

If it is desired to separately license each of the chapters A, B and C, each chapter 
can be separately encrypted, as with a symmetric secret key, in much the same manner as 
described hereinabove with reference to Figs. 3A - 3E. The double encrypted file is 
indicated by reference numeral 104 and preferably includes an unencrypted table of 
contents 90. The separate encryptions are indicated by respective frames 106, 108 and 
1 10 surrounding frames 102. The secret keys for the second encryption are stored in the 
publisher's data base and are transmitted to the customer, as and when the customer 
purchases a given chapter. 

Decryption of the individual-chapters using the secret keys and using the private 
key take place as illustrated in Figs. SD and 5E. 

It is appreciated that the double encryption functionality shown in Figs. 3A - 3E 
and 5A - 5E enables transmission of the information to be decoupled from licensing 
thereof, so as to enable transmission to occur when convenient and cost effective and 
licensing to occur at a time convenient to the customer. 
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It will be apparent to persons skilled in the art that the present invention is not 
limited to what has been particularly shown and described hereinabove. Rather the scope 
of the present invention includes both combinations and sub-combinations of the features 
described hereinabove as well as modifications and further developments thereof which 
would occur to a person of skill in the art upon reading the foregoing description, which 
are not in the prior art. 
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CLAIMS 

. 1. A method for restricted electronic transmission of information including the steps 

of: 

encrypting information using a public key portion of a private/public key, 
transmitting the information following encrypting thereof over a medium which 
may be non-secure; 

receiving the information, following transmission thereof, at an output device in 
encrypted form; 

decrypting the information, received in encrypted form, at the output device using 
a private key portion of the private/public key; and 

following decryption in the output device, outputting the information in non- 
encrypted form. 

2. A method for restricted electronic transmission of information including the steps 

of: 

encrypting information; 

transmitting the information following encrypting thereof over a medium which 
may be non-secure; 

receiving the information, following transmission thereof in encrypted form, at a 
computer which is only able to decrypt the information when that computer is connected 
to a specific output device; 

decrypting the information, received in encrypted form, at the computer when 
connected to the specific output device; and 

following decryption, outputting the information in non-encrypted form at the 
output device. ■•-«■-• 

3. A method according to either of claims 1 and 2 and wherein the encrypting step 
includes two encryption steps, one encryption step using a public key and another 
encryption step using a secret key and wherein the decrypting step includes two 
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decryption steps, one decryption step using the secret key and the other decryption step 
using a private key embedded in the output device and corresponding to the public key. 

4. A method according to claim 3 and wherein the secret key is transmitted prior to 
the transmitting step. 

5. A method according to claim 3 and wherein the secret key is transmitted during the 
transmitting step. 

6. A method according to claim 3 and wherein the secret key is transmitted following 
the transmitting step. 

7. A method according to any of the preceding claims and also comprising the step of 
selectably formatting the information prior to decrypting thereof. 

8. A method according to claim 3 and wherein the another encryption step includes a 
plurality of separate encryption steps for separate portions of the information. 

9. A system for restricted electronic transmission of information comprising: 

a public key encryptor, encrypting information using a public key portion of a 
private/public key; 

an information transmitter, transmitting the information following encrypting 
thereof over a medium which may be non-secure; 

a customer site receiver, remote from the encryptor, receiving the information, 
following transmission thereof; at an output device in encrypted form; 

a decryptor, decrypting the information, received^ encrypted form, at the output 
device using a private key portion of the private/public key. 

10. A system for restricted electronic transmission of information comprising: 
an encryptor for encrypting information; 
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a transmitter, transmitting the information following encrypting thereof over a 
medium which may be non-secure; 

a receiver, remote from the encryptor, receiving the information, following 
transmission thereof in encrypted form, at a computer which is only able to decrypt the 
information when that computer is connected to a specific output device; and 

a decryptor, decrypting the information, received in encrypted form, at the 
computer when connected to the specific output device. 

11. A system according to either of claims 9 and 10 and wherein the encryptor is 
operative to cany out two encryption steps, one encryption step using a public key and 
another encryption step using a secret key and wherein the decryptor is operative to 
carry out two decryption steps, one decryption step using the secret key and the other 
decryption step using a private key embedded in the output device and corresponding to 
the public key. 

12. A system according to claim 1 1 and wherein the secret key is transmitted prior to 
the transmitting step. 

13. A system according to claim 11 and wherein the secret key is transmitted during 
the transmitting step. 

14. A system according to claim 1 1 and wherein the secret key is transmitted following 
the transmitting step. 

15. A system according to any of the preceding claims 9-14 and also comprising the a 
computer for selectably formatting the information prior to decrypting thereof. 

16. A system according to claim 1 1 and wherein the another encryption step includes a 
plurality of separate encryption steps for separate portions of the information. 
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17. A customer site unit useful in a method according to any of claims 1-8 and 
including an output device having embedded therein the private key. 

18. A customer site unit useful as part of a system according to any of claims 9-16 
and including an output device having embedded therein the private key. 

19. A customer site unit useful as part of a system according to any of claims 9-16 
and also including a software dongle. 

20. A system according to any of claims 9-10 and also comprising a software dongle 
in said output device. 
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